Image file distribution apparatus, image file recovery apparatus, image file distribution method, image file recovery method, image file distribution program, image file recovery program, and recording medium storing program

ABSTRACT

Provided are an image file distribution apparatus, an image file recovery apparatus, an image file distribution method, an image file recovery method, an image file distribution program, an image file recovery program, and a recording medium storing the program which can prevent a relatively large increase in the amount of data of an image file even when a (k, n) secret sharing scheme with high security is used. For example, distributed tag information is obtained from tag information of the image file by a (k, n)-threshold secret sharing scheme. For example, distributed image data is obtained from image data by a (k, L, n)-threshold ramp secret sharing scheme. For example, the distributed tag information and the distributed image data are combined to obtain combined data. Since the amount of data in the tag information is small, the use of the (k, n) secret sharing scheme does not cause a large increase in the amount of data. Since the (k, L, n)-threshold ramp secret sharing scheme does not cause a large increase in the amount of data, an increase in the total amount of data in the image data is relatively small.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of PCT International Application No. PCT/JP2016/057909 filed on Mar. 14, 2016, which claims priority under 35 U.S.C. §119(a) to Japanese Patent Application No. 2015-058907 filed Mar. 23, 2015. Each of the above application(s) is hereby expressly incorporated by reference, in its entirety, into the present application.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an image file distribution apparatus, an image file recovery apparatus, an image file distribution method, an image file recovery method, an image file distribution program, an image file recovery program, and a recording medium storing the program.

2. Description of the Related Art

When a very large amount of data is stored in a storage device, the cost of the storage device increases. Therefore, the cost of storing data can be reduced by a cloud storage server that is provided on the Internet. However, it is pointed out that the cloud storage server has a security problem. In particular, when a cloud is used, the task is to secure data. For example, the following have been proposed in order to improve security: a technique that distributes a plurality of partial data items to a plurality of data centers and stores the partial data items in the data centers, using a secret sharing scheme (JP2013-020313A); and an apparatus that backs up data (JP2007-102672A 2).

There are various types of secret sharing schemes. A (k, n)-threshold secret sharing scheme (A. Shamir. “How to Share a Secret”, Comm. Assoc. Comput. Mach., Vol. 22, no. 11, pp. 612-613 (Nov. 1979)) distributes secret information into n distributed data items, collects k (k is equal to or greater than 2 and equal to or less than n) distributed data items among the n distributed data items, and recovers the k distributed data items. A (k, n)-threshold secret sharing scheme is a perfect secret sharing scheme and has information-theoretic security. Therefore, even when k−1 distributed data items less than a threshold value are acquired, a clue about secret information does not leak. However, in the (k, n)-threshold secret sharing scheme, the size of the divided data is equal to the size of the original secret data. Therefore, the (k, n)-threshold secret sharing scheme has the problem that the total amount of divided data is n times more than the amount of original secret data and the amount of data increases. In order to solve the problem of the (k, n)-threshold secret sharing scheme, a (k, L, n)-threshold ramp secret sharing scheme (Hirosuke Yamamoto, “(k, L, n)-Threshold Secret Sharing System”, Transactions of the Institute of Electronics and Communication Engineers of Japan, vol. 168-A, No. 9, pp. 945-952, 1985) that can reduce the amount of divided data has been proposed. The (k, L, n)-threshold ramp secret sharing scheme (Hirosuke Yamamoto, “On Secret Sharing Systems Using (k L n) Threshold Scheme”, Transactions of the Institute of Electronics and Communication Engineers of Japan, vol. 168-A, No. 9, pp. 945-952, 1985) compresses the size of distributed data to 1/L while reducing security (information-theoretic security up to k−L) a little. The (k, L, n)-threshold ramp secret sharing scheme is the same as the (k, n)-threshold secret sharing scheme in that it collects k or more divided data items among n divided data items and recovers the original secret data.

SUMMARY OF THE INVENTION

In contrast, in a case in which the number of collected divided data items is equal to or less than (k−L) (1≦L≦k), it is difficult to completely recover and estimate secret data from the divided data. However, in a case in which the number of collected divided data items is less than k and is greater than (k−L), the information of secret data is partially obtained. As a result, the (k, L, n)-threshold ramp secret sharing scheme has the problem that security is lower than that in the (k, n)-threshold secret sharing scheme.

An object of the invention is to prevent a relatively large increase in the amount of data even when a (k, n)-threshold secret sharing scheme with high security is used.

According to a first aspect of the invention, there is provided an image file distribution apparatus comprising: a (k, n)-threshold secret sharing device {(k, n)-threshold secret sharing means} for distributing tag information recorded in a tag information recording region of an image file into a plurality of first distributed tag information items, using a (k, n)-threshold secret sharing scheme; a (k, L, n)-threshold ramp secret sharing device {(k, L, n)-threshold ramp secret sharing means} for distributing image data recorded in an image data recording region of the image file into a plurality of second distributed image data items, using a (k, L, n)-threshold ramp secret sharing scheme; a distributed tag information transmission device (distributed tag information transmission means) for transmitting each of the plurality of first distributed tag information items distributed by the (k, n)-threshold secret sharing device to different storage servers; and a distributed image data transmission device (distributed image data transmission means) for transmitting each of the plurality of second distributed image data items distributed by the (k, L, n)-threshold ramp secret sharing device to different storage servers.

The first aspect of the invention also provides an image file distribution method. That is, this method comprises: allowing a (k, n)-threshold secret sharing device to distribute tag information recorded in a tag information recording region of an image file into a plurality of first distributed tag information items, using a (k, n)-threshold secret sharing scheme; allowing a (k, L, n)-threshold ramp secret sharing device to distribute image data recorded in an image data recording region of the image file into a plurality of second distributed image data items, using a (k, L, n)-threshold ramp secret sharing scheme; allowing a distributed tag information transmission device to transmit each of the plurality of first distributed tag information items distributed by the (k, n)-threshold secret sharing device to different storage servers; and allowing a distributed image data transmission device to transmit each of the plurality of second distributed image data items distributed by the (k, L, n)-threshold ramp secret sharing device to different storage servers. In addition, the first aspect of the invention provides a computer readable program that controls a computer of an image file distribution apparatus and a (non-transitory) recording medium that stores the program.

The image file distribution apparatus may further comprise a combination device (combination means) for combining each of the distributed tag information items distributed by the (k, n)-threshold secret sharing device with each of the distributed image data items distributed by the (k, L, n)-threshold ramp secret sharing device to generate combined data. In this case, the distributed tag information transmission device and the distributed image data transmission device transmit the combined data generated by the combination device to different storage servers.

The number of first distributed tag information items distributed by the (k, n)-threshold secret sharing device may be different from the number of second distributed image data items distributed by the (k, L, n)-threshold ramp secret sharing device.

For example, the distributed image data transmission device transmits the plurality of second distributed image data items after the distributed tag information transmission device transmits the plurality of first distributed tag information items.

The image file distribution apparatus may further comprise: a determination device (determination device) for determining whether a rate of utilization of a communication line which is used to transmit the plurality of second distributed image data items by the distributed image data transmission device is less than a threshold value. In this case, as the determination device determines that the rate of utilization of the communication line is less than the threshold value, the distributed image data transmission device transmits the plurality of second distributed image data items.

The image file distribution apparatus may further comprise a distributed tag information storage device (distributed tag information storage means) for storing at least one of the plurality of first distributed tag information items distributed by the (k, n)-threshold secret sharing device. In this case, the distributed tag information transmission device transmits each of the distributed tag information items other than the distributed tag information item stored in the distributed tag information storage device among the plurality of first distributed tag information items to different storage servers.

For example, the image file is a DICOM file.

The storage server to which the distributed tag information is transmitted by the distributed tag information transmission device may be different from the storage server to which the distributed image data is transmitted by the distributed image data transmission device.

According to a second aspect of the invention, there is provided an image file recovery apparatus comprising: a distributed tag information reading device for reading a plurality of first distributed tag information items which have been obtained by distributing tag information recorded in a tag information recording region of an image file, using a (k, n)-threshold secret sharing scheme, and have been stored in different storage servers; a distributed image data reading device for reading a plurality of second distributed image data items which have been obtained by distributing image data recorded in an image data recording region of the image file, using a (k, L, n)-threshold ramp secret sharing scheme, and have been stored in different storage servers; a distributed tag information recovery device (distributed tag information recovery means) for recovering the plurality of first distributed tag information items read by the distributed tag information reading device, using the (k, n)-threshold secret sharing scheme; and a distributed image data recovery device (distributed image data recovery means) for recovering the plurality of second distributed image data items read by the distributed image data reading device, using the (k, L, n)-threshold ramp secret sharing scheme.

The second aspect of the invention also provides an image file recovery method. That is, this method comprises: allowing a distributed tag information reading device to read a plurality of first distributed tag information items which have been obtained by distributing tag information recorded in a tag information recording region of an image file, using a (k, n)-threshold secret sharing scheme, and have been stored in different storage servers; allowing a distributed image data reading device to read a plurality of second distributed image data items which have been obtained by distributing image data recorded in an image data recording region of the image file, using a (k, L, n)-threshold ramp secret sharing scheme, and have been stored in different storage servers; allowing a distributed tag information recovery device to recover the plurality of first distributed tag information items read by the distributed tag information reading device, using the (k, n)-threshold secret sharing scheme; and allowing a distributed image data recovery device to recover the plurality of second distributed image data items read by the distributed image data reading device, using the (k, L, n)-threshold ramp secret sharing scheme. In addition, the second aspect of the invention provides a program that can be read by a computer of an image file recovery apparatus and a (non-transitory) recording medium that stores the program.

The image file recovery apparatus may further comprise an image data reading stop device (image data reading stop means) for stopping the reading of the plurality of second distributed image data items by the distributed image data reading device.

The image file recovery apparatus may further comprise an image file generation device (image file generation means) for generating the image file from the distributed tag information recovered by the distributed tag information recovery device and the distributed image data recovered by the distributed image data recovery device.

In this case, the image file is, for example, a DICOM file.

According to the first aspect of the invention, the tag information of the image file is distributed into a plurality of first distributed tag information items by the (k, n)-threshold secret sharing scheme. The plurality of first distributed tag information items are transmitted to different storage servers and are stored in the storage servers. In addition, the image data of the image file is distributed into a plurality of second image data items by the (k, L, n)-threshold ramp secret sharing scheme. The plurality of second image data items are transmitted to different storage servers and are stored in the storage servers. The security of the (k, n)-threshold secret sharing scheme is higher than that of the (k, L, n) threshold ramp sharing scheme. The amount of data in the (k, n)-threshold secret sharing scheme is more than that in the (k, L, n)-threshold ramp secret sharing scheme. In contrast, the security of the (k, L, n)-threshold ramp secret sharing scheme is lower than that of the (k, n)-threshold secret sharing scheme. The amount of data after distribution in the (k, L, n)-threshold ramp secret sharing scheme is less than that in the (k, n)-threshold secret sharing scheme. According to the invention, the image data that originally has a large size is distributed by the (k, L, n)-threshold ramp secret sharing scheme in which the amount of data after distribution is small. Therefore, it is possible to suppress a relatively large increase in the amount of data. Since tag information is more important than image data, the tag information is distributed by the (k, n) sharing scheme with high security such that data does not leak. Since the original amount of data in the tag information is small, the tag information is distributed by the (k, n) sharing scheme. In this case, even when the amount of data is large, the rate of increase in the amount of data is less than that in a case in which image data is distributed by the (k, n) sharing scheme. Therefore, it is possible to guarantee the security of important tag information while suppressing an increase in the amount of data after distribution.

According to the second aspect of the invention, the distributed tag information and the distributed image data distributed by the first aspect of the invention are read. The read distributed tag information and the read distributed image data are recovered. The tag information and the image data before distribution are obtained.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating the electric configuration of an image file distribution/recovery apparatus.

FIG. 2 illustrates the file structure of a DICOM file.

FIG. 3 illustrates an aspect in which an image file is distributed.

FIG. 4 is a table storing the address of a recording destination of combined data.

FIG. 5 is a flowchart illustrating the procedure of the image file distribution/recovery apparatus.

FIG. 6 is a flowchart illustrating the procedure of the image file distribution/recovery apparatus.

FIG. 7 is a flowchart illustrating the procedure of the image file distribution/recovery apparatus.

FIG. 8 is a flowchart illustrating the procedure of the image file distribution/recovery apparatus.

FIG. 9 is a flowchart illustrating the procedure of the image file distribution/recovery apparatus.

FIG. 10 is a flowchart illustrating the procedure of the image file distribution/recovery apparatus.

FIG. 11 illustrates an aspect in which the distributed combined data is recovered to the image file.

FIG. 12 is a flowchart illustrating the procedure of the image file distribution/recovery apparatus.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 illustrates an embodiment of the invention and is a block diagram mainly illustrating the electric configuration of an image file distribution/recovery apparatus 10. FIG. 2 illustrates the file structure of a digital imaging and communication in medicine (DICOM) file 40. FIG. 3 illustrates an aspect in which the DICOM file 40 is distributed by the image file distribution/recovery apparatus.

The image file distribution/recovery apparatus 10 (an image file distribution apparatus and an image file recovery apparatus) distributes an image file using a secret sharing scheme. The image file distribution/recovery apparatus 10 according to this embodiment can perform distribution, using a (k, n)-threshold secret sharing scheme and a (k, L, n)-threshold ramp secret sharing scheme. The (k, n)-threshold secret sharing scheme distributes secret information into n distributed data items, collects k (k is equal to or greater than 2 and equal to or less than n) distributed data items among the n distributed data items, and recovers the k distributed data items. The (k, n)-threshold secret sharing scheme is a perfect secret sharing scheme and has information-theoretic security. Therefore, even when k−1 distributed data items less than a threshold value are acquired, a clue about secret information does not leak. The (k, L, n)-threshold ramp secret sharing scheme compresses the size of distributed data to 1/L while reducing security (information-theoretic security up to k−L) a little. In these sharing schemes, n is a distribution number and k is a threshold value.

The (k, n)-threshold secret sharing scheme includes, for example, any type of scheme, such as a secret sharing scheme, a threshold sharing scheme, a secret division scheme, a threshold value division scheme, or a threshold secret division scheme as long as it distributes secret information into n distributed data items, collects k (k is equal to or greater than 2 and equal to or less than n) distributed data items among the n distributed data items, and recovers the k distributed data items. Similarly, the (k, L, n)-threshold ramp secret sharing scheme includes any type of scheme as long as it compresses the size of distributed data to 1/L while reducing security (information-theoretic security up to k−L) a little.

The image file distribution/recovery apparatus 10 can communicate with p personal computers 1 to p through a network and can communicate with m storage servers 31 to 3m through the network.

The overall operation of the image file distribution/recovery apparatus 10 is controlled by a control device 11.

The image file distribution/recovery apparatus 10 includes a compact disc read only memory (CD-ROM) drive 23. When a compact disc read only memory (CD-ROM) 24 (recording medium) storing a program, which will be described below, is inserted into the image file distribution/recovery apparatus 10, the program stored in the CD-ROM 24 is read and installed in the image file distribution/recovery apparatus 10. The program is not limited to the recording medium, such as the CD-ROM 24, and may be stored in other recording media, such as a memory card, or may be downloaded and installed in the image file distribution/recovery apparatus 10 through the network.

The image file distribution/recovery apparatus 10 includes an operation device 12 that is operated by a user. Commands that are input to the operation device 12 are transmitted to the control device 11. In addition, a memory 13 that stores, for example, data is connected to the control device 11.

In this embodiment, the DICOM file 40 in which, for example, roentgen image data of a patient is stored as secret information is distributed. However, the invention is not limited to the DICOM file 40 and other files may be distributed.

Referring to FIG. 2, the DICOM file 40 includes a tag information recording region 41 and an image data recording region 42.

Medical image data, such as roentgen image data, is recorded in the image data recording region 42.

Tag information (management information) about a patient corresponding to an image indicated by the image data recorded in the image data recording region 42, such as a patient name or a patient ID, is recorded in the tag information recording region 41.

Referring to FIG. 1 and FIG. 3, the DICOM file 40 is transmitted from any one of the personal computers 1 to n and is input to a data input/output device 14 of the image file distribution/recovery apparatus 10 through the network. The DICOM file 40 is transmitted to a primary storage memory 15 and is then stored in the primary storage memory 15. The control device 11 divides the DICOM file 40 into tag information 50 and image data 60. Since data indicating the amount of data in the tag information 50 is recorded in the tag information recording region 41, the tag information 50 includes the data indicating the amount of data. The image data 60 is recorded after the tag information 50. In this way, it is possible to divide the DICOM file 40 into the tag information 50 and the image data 60.

The divided tag information 50 is input to a first distributed data generation device 16. The first distributed data generation device 16 distributes the tag information 50 into a plurality of (n) first distributed tag information items, using the (k, n)-threshold secret sharing scheme. In this embodiment, the first distributed data generation device 16 {a (k, n)-threshold secret sharing device} distributes the tag information 50 into three distributed tag information items 51, 52, and 53 (the number of distributed tag information items may not be three). The distributed tag information items 51, 52, and 53 are transmitted to a distributed/recovered data storage memory 18 and are then temporarily stored in the distributed/recovered data storage memory 18.

The divided image data 60 is input to a second distributed data generation device 17. The second distributed data generation device 17 distributes the image data 60 into a plurality of (n) second image data items, using the (k, L, n)-threshold ramp secret sharing scheme. In this embodiment, the second distributed data generation device 17 {a (k, L, n)-threshold ramp sharing device} distributes the image data 60 into three image data items 61, 62, and 63 (the number of image data items may not be three). The distributed image data items 61, 62, and 63 are transmitted to the distributed/recovered data storage memory 18 and are then temporarily stored in the distributed/recovered data storage memory 18.

The distributed tag information items 51, 52, and 53 and the distributed image data items 61, 62, and 63 stored in the distributed/recovered data storage memory 18 are transmitted to a combination device 19 (a combination device). The combination device 19 combines the distributed tag information item 51 with the distributed image data item 61, combines the distributed tag information item 52 with the distributed image data item 62, and combines the distributed tag information item 53 with the distributed image data item 63 to generate combined data items 71, 72, and 73.

Among the generated combined data items 71, 72, and 73, the combined data item 71 is transmitted to the first storage server 31 by a data communication device 22 (a distributed tag information transmission device and a distributed image data transmission device), the combined data item 72 is transmitted to the second storage server 32 by the data communication device 22, and the combined data item 73 is transmitted to the third storage server 33 by the data communication device 22. As such, the combined data items 71, 72, and 73 are transmitted to a plurality of different storage servers 31, 32, and 33 and are stored in the storage servers 31, 32, and 33.

FIG. 4 illustrates an example of a recording destination table indicating the recording destinations of the combined data items 71 to 73.

In the recording destination table, the addresses of the recording destinations of the combined data items 71 to 73 are stored for each DICOM file number (No.) and each DICOM file name.

The address (of a recording region) of the storage server 31 which is the recording destination of the combined data item 71, the address (of a recording region) of the storage server 32 which is the recording destination of the combined data item 72, and the address (of a recording region) of the storage server 33 which is the recording destination of the combined data item 73 are stored as a first recording destination, a second recording destination, and a third recording destination in the recording destination table so as to correspond to the file name of the DICOM file 40, respectively.

The recording destination table is stored in the memory 13. The recording destination table stored in the memory 13 is read to recognize the addresses of the recording destinations of the desired combined data items 71, 72, and 73, which makes it possible to read desired combined data from the storage servers 31, 32, and 33.

FIG. 5 is a flowchart illustrating the procedure of the image file distribution/recovery apparatus 10.

The DICOM file 40 transmitted from any one of the personal computers 1 to p is input from the data input/output device 14 (Step 81) and the control device 11 divides the DICOM file 40 into the tag information 50 and the image data 60 (Step 82). The first distributed data generation device 16 distributes the tag information 50 into the distributed tag information items 51, 52, and 53 (Step 83). The second distributed data generation device 17 distributes the image data 60 into the distributed image data items 61, 62, and 63 (Step 84).

As described above, the combination device 19 combines the distributed tag information item 51 with the distributed image data item 61, combines the distributed tag information item 52 with the distributed image data item 62, and combines the distributed tag information item 53 with the distributed image data item 63 to generate the combined data items 71, 72, and 73 (Step 85). The combined data item 71 is transmitted to the first storage server 31, the combined data item 72 is transmitted to the second storage server 32, and the combined data item 73 is transmitted to the third storage server 33 (Step 86).
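
The split-and-combine flow of Steps 82 to 85, and the matching recovery, as an added Python example that is not part of the patent text. It assumes one common polynomial-interpolation construction over GF(2^8) for both schemes (the page does not specify a construction); the function names, the parameters k=3, L=2, n=4, and the sample tag and image bytes are constructed for illustration.

```python
import secrets

# GF(2^8) log/antilog tables (reduction polynomial 0x11B, generator 3).
EXP, LOG = [0] * 510, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i] = EXP[_i + 255] = _v
    LOG[_v] = _i
    _v ^= (_v << 1) ^ (0x11B if _v & 0x80 else 0)  # multiply by 3


def gmul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gdiv(a, b):  # b is never 0 here: evaluation points are distinct
    return 0 if a == 0 else EXP[LOG[a] - LOG[b] + 255]


def lagrange_weights(xs, x):
    """Weights w_i with f(x) = XOR_i w_i*f(xs[i]) for any f of degree < len(xs)."""
    ws = []
    for i, xi in enumerate(xs):
        w = 1
        for j, xj in enumerate(xs):
            if j != i:
                w = gmul(w, gdiv(x ^ xj, xi ^ xj))
        ws.append(w)
    return ws


def evaluate(ws, ys):
    acc = 0
    for w, y in zip(ws, ys):
        acc ^= gmul(w, y)
    return acc


def split(data, k, L, n):
    """(k, L, n) ramp split; L = 1 gives the (k, n) threshold scheme.
    Returns {x: share_bytes}; each share is ceil(len(data) / L) bytes."""
    if not (1 <= L <= k <= n and L + n <= 256):
        raise ValueError("need 1 <= L <= k <= n and L + n <= 256")
    data = data + bytes(-len(data) % L)          # zero-pad to a multiple of L
    share_xs = list(range(L, L + n))             # secrets sit at x = 0..L-1
    random_xs, derived_xs = share_xs[:k - L], share_xs[k - L:]
    known_xs = list(range(L)) + random_xs        # k points fix the polynomial
    weights = {x: lagrange_weights(known_xs, x) for x in derived_xs}
    shares = {x: bytearray() for x in share_xs}
    for off in range(0, len(data), L):
        rnd = [secrets.randbelow(256) for _ in random_xs]
        ys = list(data[off:off + L]) + rnd
        for x, r in zip(random_xs, rnd):
            shares[x].append(r)
        for x, ws in weights.items():
            shares[x].append(evaluate(ws, ys))
    return {x: bytes(s) for x, s in shares.items()}


def recover(shares, k, L, length):
    """Rebuild the first `length` secret bytes from any k shares."""
    if len(shares) < k:
        raise ValueError("fewer than k shares: recovery refused")
    xs = sorted(shares)[:k]
    weights = [lagrange_weights(xs, sx) for sx in range(L)]
    out = bytearray()
    for pos in range(len(shares[xs[0]])):
        ys = [shares[x][pos] for x in xs]
        out.extend(evaluate(ws, ys) for ws in weights)
    return bytes(out[:length])


def distribute(tag, image, k, L, n):
    """Tag via (k, n), image via (k, L, n); pair the i-th shares as combined data."""
    t, m = split(tag, k, 1, n), split(image, k, L, n)
    return [{"tag": (tx, t[tx]), "image": (mx, m[mx])}
            for tx, mx in zip(sorted(t), sorted(m))]


def restore(combined, k, L, tag_len, image_len):
    tag = recover(dict(c["tag"] for c in combined), k, 1, tag_len)
    image = recover(dict(c["image"] for c in combined), k, L, image_len)
    return tag, image


if __name__ == "__main__":
    tag = b"PatientName=DOE^JANE;PatientID=0000001"   # constructed sample
    image = bytes(range(256)) * 16                     # constructed 4096-byte "pixels"
    items = distribute(tag, image, k=3, L=2, n=4)
    stored = sum(len(c["tag"][1]) + len(c["image"][1]) for c in items)
    print("original:", len(tag) + len(image), "stored:", stored,
          "all-(k,n) would store:", 4 * (len(tag) + len(image)))
    assert restore(items[1:], 3, 2, len(tag), len(image)) == (tag, image)
```

Each tag share is as long as the tag, while each image share is 1/L of the image, so the combined items grow mainly by the small tag; with these parameters a single image share reveals nothing, and two image shares (more than k−L, fewer than k) partially reveal the image, as the description states.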

In the above-described embodiment, for example, the combined data items 71 obtained by combining the distributed tag information items 51 and the distributed image data items 61 are transmitted to different storage servers 31. However, for example, the distributed tag information items 51 and the distributed image data items 61 may be transmitted to different storage servers 31, without being combined with each other. For example, the data communication device 22 (a distributed image data transmission device) transmits the distributed tag information item 51 that is not combined to the storage server 31, transmits the distributed tag information item 52 that is not combined to the storage server 32, and transmits the distributed tag information item 53 that is not combined to the storage server 33. The distributed image data item 61 may be transmitted to the storage server 31 or may be transmitted to a storage server other than the storage servers 31 to 33 in which the distributed tag information items 51 to 53 are stored. Similarly, the distributed image data item 62 may be transmitted to the storage server 32 or may be transmitted to a storage server other than the storage servers 31 to 33 in which the distributed tag information items 51 to 53 are stored. The distributed image data item 63 may be transmitted to the storage server 33 or may be transmitted to a storage server other than the storage servers 31 to 33 in which the distributed tag information items 51 to 53 are stored.

FIG. 6 corresponds to FIG. 3 and illustrates an aspect in which the image file distribution/recovery apparatus 10 distributes the DICOM file 40.

In the above-described embodiment, the number of distributed tag information items 51 to 53 (three distributed tag information items which are a plurality of first distributed tag information items) generated by the first distributed data generation device 16 is equal to the number of distributed image data items 61 to 63 (three distributed image data items which are a plurality of second distributed image data items) generated by the second distributed data generation device 17. However, the numbers may be different from each other.

Referring to FIG. 6, the first distributed data generation device 16 distributes the tag information 50 into four distributed tag information items 51 to 54. The second distributed data generation device 17 distributes the image data 60 into three distributed image data items 61 to 63. As described above, three distributed tag information items 51 to 53 among the distributed tag information items 51 to 54 distributed by the first distributed data generation device 16 are combined with the distributed image data items 61 to 63 distributed by the second distributed data generation device 17 to generate combined data items 71 to 73, respectively. As described above, the generated combined data items 71, 72, and 73 are transmitted to the storage servers 31, 32, and 33, respectively. Among the four distributed tag information items 51 to 54, the distributed tag information 54 that is not used to generate the combined data items 71 to 73 is transmitted to a storage server other than the storage servers 31 to 33 by the data communication device 22.

In the above-described embodiment, the number of distributed tag information items 51 to 54 generated by the first distributed data generation device 16 is greater than the number of distributed image data items 61 to 63 generated by the second distributed data generation device 17. However, the number of distributed tag information items may be less than the number of distributed image data items. In this case, the distributed image data item that is not used to generate the combined data items 71 to 73 is transmitted to a storage server other than the storage servers 31 to 33 to which the combined data items 71 to 73 have been transmitted.

FIGS. 7 and 8 are flowcharts illustrating another procedure of the image file distribution/recovery apparatus 10. In the processes illustrated in FIGS. 7 and 8, the same processes as those illustrated in FIG. 5 are denoted by the same reference numerals and the description thereof will not be repeated.

As described above, three (a plurality of first) distributed tag information items 51 to 53 and three (a plurality of second) distributed image data items 61 to 63 are generated (Steps 81 to 84). The combined data items 71 to 73 are not generated and the data communication device 22 (a distributed tag information transmission device) transmits the three distributed tag information items 51, 52, and 53 to the storage servers 31, 32, and 33, respectively (Step 87).

When the distributed tag information items 51, 52, and 53 are transmitted to the storage servers 31, 32, and 33, respectively, the control device 11 detects the rate of utilization of the network connecting the image file distribution/recovery apparatus 10 and the storage servers 31 to 3n {the network (communication line) used to transmit a plurality of second distributed image data items by the data communication device 22} (Step 80). When the control device 11 (a determination device) determines that the detected rate of utilization is less than a threshold value (YES in Step 89), it is possible to rapidly transmit the distributed image data items 61 to 63 to the storage servers 31 to 3n, respectively. The data communication device 22 (a distributed image data transmission device) transmits a plurality of second distributed image data items 61, 62, and 63 to different storage servers among the storage servers 31 to 3n (Step 90). When the rate of utilization is equal to or greater than the threshold value (NO in Step 89), the transmission of the plurality of second distributed image data items 61, 62, and 63 is temporarily stopped until the rate of utilization is less than the threshold value. When the rate of utilization is less than the threshold value, the plurality of second distributed image data items 61, 62, and 63 are transmitted.

In the above-described embodiment, the rate of utilization of the network is detected and the distributed image data items 61 to 63 are transmitted to the storage servers 31 to 3n in a case in which the detected rate of utilization is less than the threshold value. However, even when the rate of utilization is not detected, the distributed tag information items 51 to 53 may be transmitted to different storage servers among the storage servers 31 to 3n and then the distributed image data items 61 to 63 may be transmitted to different storage servers among the storage servers 31 to 3n.

FIG. 9 is a flowchart illustrating still another procedure of the image file distribution/recovery apparatus 10. In FIG. 9, the same processes as those illustrated in FIG. 5 are denoted by the same reference numerals and the description thereof will not be repeated.

As illustrated in FIG. 6, the distributed tag information items 51 to 54 are generated and the distributed image data items 61 to 63 are generated (Steps 81 to 84). The distributed tag information 54 is stored in the distributed/recovered data storage memory 18, without being transmitted from the image file distribution/recovery apparatus 10 to any of the storage servers 31 to 3n (Step 101). As such, at least one of a plurality of first distributed tag information items is stored in the distributed/recovered data storage memory 18.

The data communication device 22 transmits the distributed tag information items 51 to 53 other than the distributed tag information 54 stored in the distributed/recovered data storage memory 18 to different storage servers among the storage servers 31 to 3n (Step 102). The data communication device 22 transmits the distributed image data items 61 to 63 to different storage servers among the storage servers 31 to 3n (Step 103).

FIGS. 10 to 12 are diagrams illustrating an example in which the distributed tag information items 51 to 53 and the distributed image data items 61 to 63 that are distributed as described above are recovered.

FIG. 10 is a flowchart illustrating the procedure of the image file distribution/recovery apparatus 10. FIG. 11 illustrates an aspect in which the combined data items 71 and 73 (the distributed tag information items 51 to 53 and the distributed image data items 61 to 63) that are distributed as described above are recovered.

The distributed combined data items 71 to 73 are stored in different storage servers 31 to 33, respectively, such that the combined data item 71 is stored in the storage server 31, the combined data item 72 is stored in the storage server 32, and the combined data item 73 is stored in the storage server 33. As illustrated in FIG. 4, addresses indicating the storage destinations of the combined data items 71, 72, and 73 are stored in the memory 13. Therefore, the addresses are read and commands to transmit the combined data items 71, 72, and 73 are transmitted from the control device 11 of the image file distribution/recovery apparatus 10 to the storage servers 31, 32, and 33, respectively.

When the storage servers 31, 32, and 33 receive the transmission commands from the image file distribution/recovery apparatus 10, the storage server 31 transmits the combined data item 71 to the image file distribution/recovery apparatus 10, the storage server 32 transmits the combined data item 72 to the image file distribution/recovery apparatus 10, and the storage server 33 transmits the combined data item 73 to the image file distribution/recovery apparatus 10.

The data communication device 22 of the image file distribution/recovery apparatus 10 receives the combined data items 71 to 73 transmitted from the storage servers 31 to 33. That is, the data communication device 22 reads a plurality of combined data items 71 to 73 (Step 111).

The control device 11 divides the combined data items 71 to 73 into a plurality of first distributed tag information items 51 to 53 and a plurality of second distributed image data items 61 to 63, respectively (Step 112). The division positions of each of the distributed tag information items 51 to 53 and each of the distributed image data items 61 to 63 are known by storing the amount of data in each of the distributed tag information items 51 to 53 in the memory 13 at the time of distribution and by storing the start positions of the distributed image data items 61 to 63 in the memory 13. Each of the divided distributed tag information items 51 to 53 and each of the divided distributed image data items 61 to 63 are temporarily stored in the distributed/recovered data storage memory 18.

The control device 11 reads the distributed tag information items 51 to 53 temporarily stored in the distributed/recovered data storage memory 18 and transmits the distributed tag information items 51 to 53 to a first distributed data recovery device 20. That is, the control device 11 (a distributed tag information reading device) reads a plurality of divided first distributed tag information items 51 to 53 (Step 113). As such, the tag information recorded in the tag information recording region 41 of the DICOM file 40 is distributed into a plurality of first distributed tag information items 51 to 53 by the (k, n)-threshold secret sharing scheme, the plurality of first distributed tag information items 51 to 53 are stored in different storage servers 31 to 33, and the control device 11 (a distributed tag information reading device) reads the plurality of first distributed tag information items 51 to 53.

The control device 11 reads the distributed image data items 61 to 63 temporarily stored in the distributed/recovered data storage memory 18 and transmits the distributed image data items 61 to 63 to a second distributed data recovery device 21. That is, the control device 11 (a distributed image data reading device) reads a plurality of divided second distributed image data items 61 to 63 (Step 114). As such, the image data recorded in the image data recording region 42 of the DICOM file 40 is distributed into a plurality of second distributed image data items 61 to 63 by the (k, L, n)-threshold ramp secret sharing scheme, the plurality of second distributed image data items 61 to 63 are stored in different storage servers 31 to 33, and the control device 11 (a distributed image data reading device) reads the plurality of second distributed image data items 61 to 63.

The first distributed data recovery device 20 recovers the distributed tag information items 51 to 53 (a plurality of first distributed tag information items) (Step 115). The first distributed data recovery device 20 (a distributed tag information recovery device) recovers the first distributed tag information read by the control device 11 (a distributed tag information reading device) using the (k, n)-threshold secret sharing scheme. The tag information 50 before distribution is obtained by the recovery.

The second distributed data recovery device 21 recovers the distributed image data items 61 to 63 (a plurality of second distributed image data items) (Step 116). The second distributed data recovery device 21 (a distributed image data recovery device) recovers the plurality of second distributed image data items 61 to 63 read by the control device 11 (a distributed image data reading device) using the (k, L, n)-threshold ramp secret sharing scheme. The image data 60 before distribution is obtained by the recovery.

The control device 11 reads the recovered tag information 50 and the recovered image data 60. The control device 11 (an image file generation device) combines the tag information 50 and the image data 60 to generate the DICOM file 40 (Step 117). The generated DICOM file 40 is transmitted to any one of the personal computers 1 to n and the image and the tag information are reproduced.
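The distribution, division and recovery steps described above (Steps 112 to 117), as an added Python example that is not taken from the patent. It assumes a polynomial (Shamir-style) construction over GF(2^8) for both schemes, with the (k, n) scheme handled as the L = 1 case; the function names, the `memory` dictionary standing in for the memory 13, the parameters k = 3, L = 2, n = 4 and the sample bytes are all constructed for illustration.

```python
import secrets

# GF(2^8) antilog/log tables (reduction polynomial 0x11B, generator 3).
EXP, LOG = [0] * 510, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i] = EXP[_i + 255] = _v
    LOG[_v] = _i
    _v ^= (_v << 1) ^ (0x11B if _v & 0x80 else 0)  # multiply _v by 3

def gmul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def weights(xs, x):
    """Lagrange coefficients w_j such that f(x) = XOR_j gmul(w_j, f(xs[j]))."""
    out = []
    for j, xj in enumerate(xs):
        num = den = 1
        for m, xm in enumerate(xs):
            if m != j:
                num, den = gmul(num, x ^ xm), gmul(den, xj ^ xm)
        out.append(gmul(num, EXP[255 - LOG[den]]))  # num / den
    return out

def combine(ws, ys):
    acc = 0
    for w, y in zip(ws, ys):
        acc ^= gmul(w, y)
    return acc

def ramp_split(data, k, L, n):
    """(k, L, n) ramp split of bytes; L = 1 gives the (k, n) threshold case.

    Each degree k-1 polynomial carries L secret bytes at x = 0..L-1 and
    k-L random bytes at x = L..k-1; share i is its value at x = k+i.
    """
    if not (1 <= L <= k <= n and k + n <= 256):
        raise ValueError("need 1 <= L <= k <= n and k + n <= 256")
    data = data + bytes(-len(data) % L)           # zero-pad to a multiple of L
    ws = {x: weights(range(k), x) for x in range(k, k + n)}
    shares = {x: bytearray() for x in ws}
    for off in range(0, len(data), L):
        ys = list(data[off:off + L]) + [secrets.randbelow(256) for _ in range(k - L)]
        for x in ws:
            shares[x].append(combine(ws[x], ys))
    return {x: bytes(s) for x, s in shares.items()}

def ramp_recover(shares, k, L, length):
    if len(shares) < k:
        raise ValueError("fewer than k shares: cannot recover")
    xs = sorted(shares)[:k]
    ws = [weights(xs, t) for t in range(L)]       # evaluate at the secret positions
    out = bytearray()
    for i in range(len(shares[xs[0]])):
        ys = [shares[x][i] for x in xs]
        out.extend(combine(w, ys) for w in ws)
    return bytes(out[:length])                    # drop the zero padding

def distribute(tag, image, k, L, n):
    """Split tag info with (k, n), image data with (k, L, n), then combine."""
    tag_sh, img_sh = ramp_split(tag, k, 1, n), ramp_split(image, k, L, n)
    combined = {x: tag_sh[x] + img_sh[x] for x in tag_sh}   # one item per server
    # Stand-in for memory 13: the tag share length marks the division position.
    memory = {"k": k, "L": L, "tag_len": len(tag), "image_len": len(image)}
    return combined, memory

def recover(combined, memory):
    cut = memory["tag_len"]                       # tag share is tag_len bytes (L = 1)
    tag_sh = {x: c[:cut] for x, c in combined.items()}
    img_sh = {x: c[cut:] for x, c in combined.items()}
    tag = ramp_recover(tag_sh, memory["k"], 1, memory["tag_len"])
    image = ramp_recover(img_sh, memory["k"], memory["L"], memory["image_len"])
    return tag, image

if __name__ == "__main__":
    tag = b"PatientName=CONSTRUCTED^SAMPLE;Modality=CT"   # constructed tag bytes
    image = bytes(range(256)) * 4                           # constructed pixel bytes
    combined, memory = distribute(tag, image, k=3, L=2, n=4)
    subset = {x: combined[x] for x in list(combined)[:3]}   # any 3 of the 4 servers
    assert recover(subset, memory) == (tag, image)
    print(len(tag) + len(image), "->", [len(c) for c in combined.values()])
```

Each combined item is len(tag) + ceil(len(image)/L) bytes, so only the small tag portion is stored at full size on every server.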

In the above-described embodiment, the combined data items 71 to 73 stored in different storage servers 31 to 33 are read and recovered to the DICOM file 40. In a case in which the distributed tag information items 51 to 53 and the distributed image data items 61 to 63 which are not combined with each other are stored in different storage servers 31 to 33, the distributed tag information items 51 to 53 can be read by the data communication device 22 (a distributed tag information reading device) and the distributed image data items 61 to 63 can be read by the communication device 22 (a distributed image data reading device). Similarly, the distributed tag information items 51 to 53 and the distributed image data items 61 to 63 can be recovered to the image file. In addition, in a case in which the distributed tag information items 51 to 53 are stored in different storage servers 31 to 33 and the distributed image data items 61 to 63 are distributed and stored in a storage server other than the storage servers 31 to 33, similarly, the distributed tag information items 51 to 53 and the distributed image data items 61 to 63 can be recovered to the DICOM file 40.

FIG. 12 illustrates yet another procedure and is a flowchart illustrating the procedure of the image file distribution/recovery apparatus 10.

In the procedure illustrated in FIG. 12, after the distributed tag information items 51 to 53 are read, the distributed image data items 61 to 63 are read.

Similarly to the above, the data communication device 22 reads a plurality of first distributed tag information items 51 to 53 stored in the storage servers 31 to 33 (Step 121).

The user may recover only the distributed tag information items 51 to 53. In a case in which it is considered that the distributed image data items 61 to 63 do not need to be recovered, the user inputs a read stop command to the image file distribution/recovery apparatus 10 through the operation device 12. When the read stop command is input (YES in Step 122), the control device 11 (an image data reading stop device) controls the data communication device 22 such that the reading of the distributed image data items 61 to 63 is stopped. The first distributed data recovery device 20 recovers the read distributed tag information items 51 to 53 (Step 127).

In a case in which it is considered that the distributed image data items 61 to 63 need to be recovered, the read stop command is not input to the image file distribution/recovery apparatus 10 (NO in Step 122). Similarly to the above, the data communication device 22 reads the distributed image data items 61 to 63 stored in the storage servers 31 to 33 (Step 123). The first distributed data recovery device 20 recovers the read distributed tag information items 51 to 53 to obtain the tag information 50 (Step 124). The second distributed data recovery device 21 recovers the read distributed image data items 61 to 63 to obtain the image data 60 (Step 125). The tag information 50 and the image data 60 are combined to obtain the DICOM file 40 (Step 126).

As described above, in a case in which the tag information 50 is divided into a plurality of distributed tag information items 51 to 54, the distributed tag information item 54 is stored in the distributed/recovered data storage memory 18, and the distributed tag information items 51 to 53 are stored in the storage servers 31 to 33, the tag information 50 and the image data 60 may be recovered by the same method as described above.

In the image file distribution/recovery apparatus 10 illustrated in FIG. 1, an image file is distributed and recovered by hardware. Some or all of the distribution and recovery processes may be performed by software. In addition, the image file distribution/recovery apparatus 10 can perform both the distribution and recovery of an image file. However, an apparatus that performs only the distribution of an image file and an apparatus that performs only the recovery of an image file may be separately provided.

In the above-described embodiment, the tag information recorded in the tag information recording region of the image file is distributed by the (k, n)-threshold secret sharing scheme. However, the name of the region in which the tag information is recorded is not limited to the tag information recording region and management information of the image file, such as header information recorded in a header recording region, may be distributed by the (k, n)-threshold secret sharing scheme.

What is claimed is:
 1. An image file distribution apparatus comprising: a (k, n)-threshold secret sharing device for distributing tag information recorded in a tag information recording region of an image file into a plurality of first distributed tag information items, using a (k, n)-threshold secret sharing scheme; a (k, L, n)-threshold ramp secret sharing device for distributing image data recorded in an image data recording region of the image file into a plurality of second distributed image data items, using a (k, L, n)-threshold ramp secret sharing scheme; a distributed tag information transmission device for transmitting each of the plurality of first distributed tag information items distributed by the (k, n)-threshold secret sharing means to different storage servers; and a distributed image data transmission device for transmitting each of the plurality of second distributed image data items distributed by the (k, L, n)-threshold ramp secret sharing device to different storage servers.
 2. The image file distribution apparatus according to claim 1, further comprising: a combination device for combining each of the distributed tag information items distributed by the (k, n)-threshold secret sharing device with each of the distributed image data items distributed by the (k, L, n)-threshold ramp secret sharing device to generate combined data, wherein the distributed tag information transmission device and the distributed image data transmission device transmit the combined data generated by the combination device to different storage servers.
 3. The image file distribution apparatus according to claim 1, wherein the number of first distributed tag information items distributed by the (k, n)-threshold secret sharing device is different from the number of second distributed image data items distributed by the (k, n)-threshold ramp secret sharing device.
 4. The image file distribution apparatus according to claim 1, wherein the distributed image data transmission device transmits the plurality of second distributed image data items after the distributed tag information transmission device transmits the plurality of first distributed tag information items.
 5. The image file distribution apparatus according to claim 4, further comprising: a determination device for determining whether a rate of utilization of a communication line which is used to transmit the plurality of second distributed image data items by the distributed image data transmission device is less than a threshold value, wherein, as the determination device determines that the rate of utilization of the communication line is less than the threshold value, the distributed image data transmission device transmits the plurality of second distributed image data items.
 6. The image file distribution apparatus according to claim 1, further comprising: a distributed tag information storage device for storing at least one of the plurality of first distributed tag information items distributed by the (k, n)-threshold secret sharing device, wherein the distributed tag information transmission device transmits each of the distributed tag information items other than the distributed tag information item stored in the distributed tag information storage device among the plurality of first distributed tag information items to different storage servers.
 7. The image file distribution apparatus according to claim 1, wherein the image file is a DICOM file.
 8. The image file distribution apparatus according to claim 1, wherein the storage server to which the distributed tag information is transmitted by the distributed tag information transmission device is different from the storage server to which the distributed image data is transmitted by the distributed image data transmission device.
 9. An image file recovery apparatus comprising: a distributed tag information reading device for reading a plurality of first distributed tag information items which have been obtained by distributing tag information recorded in a tag information recording region of an image file, using a (k, n)-threshold secret sharing scheme, and have been stored in different storage servers; a distributed image data reading device for reading a plurality of second distributed image data items which have been obtained by distributing image data recorded in an image data recording region of the image file, using a (k, L, n)-threshold ramp secret sharing scheme, and have been stored in different storage servers; a distributed tag information recovery device for recovering the plurality of first distributed tag information items read by the distributed tag information reading device, using the (k, n)-threshold secret sharing scheme; and a distributed image data recovery device for recovering the plurality of second distributed image data items read by the distributed image data reading device, using the (k, n)-threshold ramp secret sharing scheme.
 10. The image file recovery apparatus according to claim 9, further comprising: an image data reading stop device for stopping the reading of the plurality of second distributed image data items by the distributed image data reading device.
 11. The image file recovery apparatus according to claim 9, further comprising: an image file generation device for generating the image file from the distributed tag information recovered by the distributed tag information recovery device and the distributed image data recovered by the distributed image data recovery device.
 12. The image file recovery apparatus according to claim 9, wherein the image file is a DICOM file.
 13. An image file distribution method, said method comprising the steps of: allowing a (k, n)-threshold secret sharing device to distribute tag information recorded in a tag information recording region of an image file into a plurality of first distributed tag information items, using a (k, n)-threshold secret sharing scheme; allowing a (k, L, n)-threshold ramp secret sharing device to distribute image data recorded in an image data recording region of the image file into a plurality of second distributed image data items, using a (k, L, n)-threshold ramp secret sharing scheme; allowing a distributed tag information transmission device to transmit each of the plurality of first distributed tag information items distributed by the (k, n)-threshold secret sharing device to different storage servers; and allowing a distributed image data transmission device to transmit each of the plurality of second distributed image data items distributed by the (k, L, n)-threshold ramp secret sharing device to different storage servers.
 14. An image file recovery method, said method comprising the steps of: allowing a distributed tag information reading device to read a plurality of first distributed tag information items which have been obtained by distributing tag information recorded in a tag information recording region of an image file, using a (k, n)-threshold secret sharing scheme, and have been stored in different storage servers; allowing a distributed image data reading device to read a plurality of second distributed image data items which have been obtained by distributing image data recorded in an image data recording region of the image file, using a (k, L, n)-threshold ramp secret sharing scheme, and have been stored in different storage servers; allowing a distributed tag information recovery device to recover the plurality of first distributed tag information items read by the distributed tag information reading device, using the (k, n)-threshold secret sharing scheme; and allowing a distributed image data recovery device to recover the plurality of second distributed image data items read by the distributed image data reading device, using the (k, L, n)-threshold ramp secret sharing scheme.
 15. A non-transitory recording medium storing a computer-readable program that controls a computer of an image file distribution apparatus such that the computer performs: distributing tag information recorded in a tag information recording region of an image file into a plurality of first distributed tag information items, using a (k, n)-threshold secret sharing scheme; distributing image data recorded in an image data recording region of the image file into a plurality of second distributed image data items, using a (k, L, n)-threshold ramp secret sharing scheme; transmitting each of the plurality of first distributed tag information items to different storage servers; and transmitting each of the plurality of second distributed image data items distributed by the (k, L, n)-threshold ramp secret sharing scheme to different storage servers.
 16. A non-transitory recording medium storing a computer-readable program that controls a computer of an image file recovery apparatus such that the computer performs: reading a plurality of first distributed tag information items which have been obtained by distributing tag information recorded in a tag information recording region of an image file, using a (k, n)-threshold secret sharing scheme, and have been stored in different storage servers; reading a plurality of second distributed image data items which have been obtained by distributing image data recorded in an image data recording region of the image file, using a (k, L, n)-threshold ramp secret sharing scheme, and have been stored in different storage servers; recovering the read plurality of first distributed tag information items, using the (k, n)-threshold secret sharing scheme; and recovering the read plurality of second distributed image data items, using the (k, L, n)-threshold ramp secret sharing scheme.
 17. An image file distribution apparatus comprising: a processor configured for: allowing a (k, n)-threshold secret sharing device to distribute tag information recorded in a tag information recording region of an image file into a plurality of first distributed tag information items, using a (k, n)-threshold secret sharing scheme; allowing a (k, L, n)-threshold ramp secret sharing device to distribute image data recorded in an image data recording region of the image file into a plurality of second distributed image data items, using a (k, L, n)-threshold ramp secret sharing scheme; allowing a distributed tag information transmission device to transmit each of the plurality of first distributed tag information items distributed by the (k, n)-threshold secret sharing device to different storage servers; and allowing a distributed image data transmission device to transmit each of the plurality of second distributed image data items distributed by the (k, L, n)-threshold ramp secret sharing device to different storage servers.
 18. An image file recovery apparatus comprising: a processor configured for: allowing a distributed tag information reading device to read a plurality of first distributed tag information items which have been obtained by distributing tag information recorded in a tag information recording region of an image file, using a (k, n)-threshold secret sharing scheme, and have been stored in different storage servers; allowing a distributed image data reading device to read a plurality of second distributed image data items which have been obtained by distributing image data recorded in an image data recording region of the image file, using a (k, L, n)-threshold ramp secret sharing scheme, and have been stored in different storage servers; allowing a distributed tag information recovery device to recover the plurality of first distributed tag information items read by the distributed tag information reading device, using the (k, n)-threshold secret sharing scheme; and allowing a distributed image data recovery device to recover the plurality of second distributed image data items read by the distributed image data reading device, using the (k, L, n)-threshold ramp secret sharing scheme.